30-8
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 30 Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its
associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the
extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.
It is normal to have multiple RSPAN VLANs in a network at the same time with each RSPAN VLAN
defining a network-wide RSPAN session. That is, multiple RSPAN source sessions anywhere in the
network can contribute packets to the RSPAN session. It is also possible to have multiple RSPAN
destination sessions throughout the network, monitoring the same RSPAN VLAN and presenting traffic
to the user. The RSPAN VLAN ID separates the sessions.
SPAN and RSPAN Interaction with Other Features
SPAN interacts with these features:
•
STP—A destination port does not participate in STP while its SPAN or RSPAN session is active.
The destination port can participate in STP after the SPAN or RSPAN session is disabled. On a
source port, SPAN does not affect the STP status. STP can be active on trunk ports carrying an
RSPAN VLAN.
•
CDP—A SPAN destination port does not participate in CDP while the SPAN session is active. After
the SPAN session is disabled, the port again participates in CDP.
•
VTP—You can use VTP to prune an RSPAN VLAN between switches.
•
VLAN and trunking—You can modify VLAN membership or trunk settings for source or
destination ports at any time. However, changes in VLAN membership or trunk settings for a
destination port do not take effect until you remove the SPAN destination configuration. Changes
in VLAN membership or trunk settings for a source port immediately take effect, and the respective
SPAN sessions automatically adjust accordingly.
•
EtherChannel—You can configure an EtherChannel group as a source port but not as a SPAN
destination port. When a group is configured as a SPAN source, the entire group is monitored.
If a physical port is added to a monitored EtherChannel group, the new port is added to the SPAN
source port list. If a port is removed from a monitored EtherChannel group, it is automatically
removed from the source port list.
A physical port that belongs to an EtherChannel group can be configured as a SPAN source port and
still be a part of the EtherChannel. In this case, data from the physical port is monitored as it
participates in the EtherChannel. However, if a physical port that belongs to an EtherChannel group
is configured as a SPAN destination, it is removed from the group. After the port is removed from
the SPAN session, it rejoins the EtherChannel group. Ports removed from an EtherChannel group
remain members of the group, but they are in the
inactive
or
suspended
state.
If a physical port that belongs to an EtherChannel group is a destination port and the EtherChannel
group is a source, the port is removed from the EtherChannel group and from the list of monitored
ports.
•
Multicast traffic can be monitored. For egress and ingress port monitoring, only a single unedited
packet is sent to the SPAN destination port. It does not reflect the number of times the multicast
packet is sent.
•
A secure port cannot be a SPAN destination port.
For SPAN sessions, do not enable port security on ports with monitored egress when ingress
forwarding is enabled on the destination port. For RSPAN source sessions, do not enable port
security on any ports with monitored egress.